ROS-20260603-73-0003
The vulnerability in rubygem-activestorage relates to insufficient checking of the intentions by the recipient of the broadcast message. Exploiting this vulnerability allows a perpetrator to execute arbitrary code...
ROS-20260508-73-0001
Vulnerability in rubygem-activestorage related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260508-73-0003
Vulnerability in rubygem-activestorage related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20260508-73-0005
Vulnerability in rubygem-activestorage related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260508-73-0006
Vulnerability in rubygem-activestorage related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Improper Input Validation
activestorage is vulnerable to Improper Input Validation. The vulnerability is due to unescaped use of blob keys in Dir.glob within DiskService#delete_prefixed, which allows an attacker to inject glob metacharacters and delete unintended files from the storage directory...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the proxy controller when processing HTTP requests containing a large number of byte ranges in the Range header. An attacker can cause excessive CPU usage by sending requests with...
Glob Injection
Overview Affected versions of this package are vulnerable to Glob Injection via the DiskService#delete_prefixed function. An attacker can delete unintended files from the storage directory by supplying blob keys containing glob metacharacters that are passed unescaped to Dir.glob. Remediation Upgra...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the Blobs::ProxyController. An attacker can exhaust server memory by sending requests with large or unbounded range headers. Remediation Upgrade activestorage to version 7.2.3.1, 8.0.4.1,...
Improper Handling of Values
Overview Affected versions of this package are vulnerable to Improper Handling of Values in the DirectUploadsController. A malicious direct-upload client can set content_type flags like identified and analyzed to make a malicious uploaded file appear safe. Remediation Upgrade activestorage to...
ruby4.0-rubygem-activestorage-8.0-8.0.3-1.3 on GA media (moderate)
ruby4.0-rubygem-activestorage-8.0-8.0.3-1.3 on GA media Announcement ID: openSUSE-SU-2026:10344-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed...
OPENSUSE-SU-2026:10344-1 ruby4.0-rubygem-activestorage-8.0-8.0.3-1.3 on GA media
These are all security issues fixed in the ruby4.0-rubygem-activestorage-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed...
Malicious code in activestorage-redundancy (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-192894 Malicious code in activestorage-redundancy (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
EUVD-2020-0430
Malware in sbrugna...
Command Injection
activestorage is vulnerable to command injection. The vulnerability is due to unsafe defaults in the allowed list of image transformation methods, which allows an attacker to supply arbitrary input and execute malicious commands...
Linux Distros Unpatched Vulnerability : CVE-2020-8162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to untrusted user input being accepted as transformation methods or parameters. An attacker can execute arbitrary commands on the server by supplying crafted input that circumvents safe defaults. Note: Th...
ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media (moderate)
ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14677-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed...
OPENSUSE-SU-2025:14677-1 ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...